package com.edgardeng.hello.configure;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    private static final String DEMO_RESOURCE_ID = "order";
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(DEMO_RESOURCE_ID).stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                // 配置 product 访问控制，必须认证过后才可以访问。 其他路径无需认证
                .authorizeRequests()
                .antMatchers("/product/**")
                .authenticated();

        http
                // login 放行 其他请求需要 USER角色
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().hasRole("USER");

//        http
//                // 认证异常处理页面
//                .exceptionHandling()
//                .accessDeniedPage("/login.jsp?authorization_error=true");

    }

    /**
     * 初始化内存用户数据
     */
//    @Autowired
//    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication()
//                .withUser("marissa").password("koala").roles("USER")
//                .and()
//                .withUser("paul").password("emu").roles("USER");
//    }

    /**
     * WebSecurity配置
     * 资源文件不需要配置
     */
//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        web.ignoring().antMatchers("/webjars/**", "/images/**", "/oauth/uncache_approvals", "/oauth/cache_approvals");
//    }

}
